[OpenSIPS-Users] Ghost calls 1001
Schneur Rosenberg
rosenberg11219 at gmail.com
Fri Apr 21 06:13:10 EDT 2017
Sending a 200 ok will notify the hacker that a sip server exists on the
IP/port, simply ignoring the request is best.
On Apr 21, 2017 12:20 PM, "johan de clercq" <johan at democon.be> wrote:
> Another approach is sending 200 ok and then exit().
>
>
>
> *From:* Users [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Schneur
> Rosenberg
> *Sent:* Friday, April 21, 2017 11:00 AM
> *To:* OpenSIPS users mailling list <users at lists.opensips.org>
> *Subject:* Re: [OpenSIPS-Users] Ghost calls 1001
>
>
>
> User agent variable is stored in $ua do a if and drop()
>
>
>
> Regarding iptables do something like this
>
>
>
>
>
> https://community.freepbx.org/t/stop-sipvicious-friendly-scanner/28580
>
>
>
>
>
> On Apr 21, 2017 10:12 AM, "Uzair Hassan" <uzairhassan at shaw.ca> wrote:
>
> Is there any documentation I could read to understand the process you just
> described?
>
> On April 20, 2017 11:15:54 PM Schneur Rosenberg <rosenberg11219 at gmail.com>
> wrote:
>
> In addition to iptables/fail2ban you should inspect the useragent that the
> packets come from, most of them will come from sip vicious or friendly
> scanner etc, you can block them with iptables and/or with drop() in
> opensips, this will stop the scanner right away because he won't get any
> replies so he will just move on.
>
>
>
> On Apr 21, 2017 8:11 AM, "Uzair Hassan" <uzairhassan at shaw.ca> wrote:
>
> Is there a way to change opensips port ? Whenever I try it doesn't even
> start.
>
> On April 20, 2017 9:09:55 PM "Alexander Jankowsky" <
> E75A4669 at exemail.com.au> wrote:
>
>
>
> You might need to do a Wireshark trace and find out if the calls originate
> externally into the system.
>
> If you are in an open DMZ with the router, that could be just the start of
> your problems.
>
> I had Opensips 2.3.0-beta in the open on DMZ with the router for only a
> few hours and
>
> I then had a couple of dozen automated break in attempts trying to access
> the system.
>
> You need to pay a lot of attention to the system logs otherwise you may
> not even notice.
>
> Go over your router very carefully and restrict everything you do not need
> exposed.
>
> Port 5060 is a very popular target with automated robots, use another port
> if your able to.
>
>
>
> Alex
>
>
>
>
>
> *From:* Users [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Uzair
> Hassan
> *Sent:* Friday, 21 April 2017 6:16 AM
> *To:* users at lists.opensips.org
> *Subject:* [OpenSIPS-Users] Ghost calls 1001
>
>
>
> Hello all,
>
>
>
> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
> into my system. How do I stop these ghost call? The opensips server is
> brand new. the install is clean and nothing has been touched after the
> initial simple residential script setup. What can I do to defend myself
> from these ghost calls.
>
> Thank you so much.
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170421/6ed2e11c/attachment-0001.html>
More information about the Users
mailing list